Blocked attacks
You can view the history of DDoS attacks blocked by Servercore protection in the Control panel.
Servercore protection operates at the network and transport layer (L3-L4). If your monitoring systems have detected an application-layer (L7) attack or other malicious activity, immediately contact the support service.
View attack history
-
In the Control panel, on the top menu, click Products and select Network Incidents.
-
Open the Blocked attacks tab. For each attack, the attacked network, attack period, and the response from the protection system are indicated:
block— suspicious traffic was fully dropped;redirect— suspicious TCP traffic was filtered, only legitimate requests were passed;detect— suspicious traffic was detected but not dropped. A new attack detection rule is being tested in the system, or traffic blocking is disabled for the IP address.
-
To view detailed information about an attack, including the attack type, its rate, intensity, total number of packets sent, and volume, click the network IP address in the attack row.
-
Optional: if you observe a prolonged attack that disrupts or limits service availability, change the server IP address.
Attack types
| Description | Attack target | |
|---|---|---|
| UDP flood to service DST port 565 limited | UDP traffic attack on destination port 565 Whoami |
|
| UDP flood to service DST port 1194 limited | UDP traffic attack on destination port 1194 OpenVPN | Exhaustion of the bandwidth and computing resources of the attacked host, denial of service for the attacked application |
| NTP Monlist Response | Reflected and amplified UDP traffic attack from source port 123 (NTP Monlist response vulnerability) | Bandwidth exhaustion |
| SSDP Reflection | Reflected and amplified UDP traffic attack from source port 1900 (SSDP and UPnP protocol vulnerability) | Bandwidth exhaustion |
| Empty UDP data | Attack on client IP with empty UDP datagrams (Empty UDP Flood) | Increased victim network utilization |
| Memcache | Reflected and amplified UDP traffic attack from source port 11211 (Memcache vulnerability) | Bandwidth exhaustion |
| SSRP Reflection | Reflected and amplified UDP traffic attack from source port 1434 SSRP (SQL Server Resolution Protocol) | Bandwidth exhaustion |
| WSD Reflection | Reflected and amplified UDP traffic attack from source port 11211 (Memcache vulnerability) | Bandwidth exhaustion |
| Net Assistant Reflection | Reflected and amplified UDP traffic attack from source port 3283 (Apple Network Assistant vulnerability) | Bandwidth exhaustion |
| LowShadyPorts/Reflection flood to server limited | Reflected and amplified UDP traffic attack from source ports:
| Bandwidth exhaustion |
| Custom UDP amplifications | Reflected and amplified UDP traffic attack from source ports:
| Bandwidth exhaustion |
| Custom UDP amplifications3 | Reflected and amplified UDP traffic attack from source port 37021 SADP (Hikvision) | Bandwidth exhaustion |
| Query Response/DNS query response reflection flood to server limited | DNS Response traffic attack from public DNS servers with source port 53 UDP DNS and flags set from the DNSSEC extension:
| Bandwidth exhaustion |
| Source Port 53/UDP source port 53 reflection flood to server limited | Reflected and amplified UDP traffic attack from source port 53 UDP DNS | Bandwidth exhaustion |
| Source Port 4500/UDP source port 4500 reflection flood to server limited | Reflected and amplified UDP traffic attack from source port 4500 | Bandwidth exhaustion |
| Any Source Port/UDP source port reflection flood to server limited | High volume UDP traffic attack from a specific source port to any client IP destination port | Bandwidth exhaustion |
| RST/TCP RST reflection flood to server limited | TCP traffic attack with TCP RST flag set from a specific source port to any client IP destination port |
|
| SYN/ACK/TCP SYN/ACK reflection flood to server limited | TCP traffic attack with TCP RST flag set from a specific source port to any client IP destination port | Exhaustion of network and computing resources of the attacked host |
| PSH/ACK/TCP PSH/ACK reflection flood to server limited | TCP traffic attack with TCP RST or TCP PSH flags set from a specific source port to any client IP destination port | Exhaustion of the attacked host's computing resources |
| Failed Reflectors/ICMP Server flood to server limited | Attack on a client host with a large volume of response ICMP traffic from public servers, triggered by attacker-sourced specific requests to public servers for UDP port reachability, but with the source address spoofed to the client's | Exhaustion of bandwidth and computing resources of the attacked host |
| UDP flood to service DST port 53 limited | UDP traffic attack on destination port 53 DNS |
|
| Any Destination Port/UDP service flood to a server port limited | Attack with high volume UDP traffic to any custom victim port |
|
| Any Type/ICMP/ICMPv6 service flood to server limited | Attack with custom ICMP traffic (including ICMPv6) of large volume on a specific client destination port | Exhaustion of bandwidth and computing resources of the attacked host |
| SYN/TCP SYN to a server port limited | TCP traffic attack with TCP SYN flag set on a specific client IP destination port |
|
| RST/TCP RST to a server port limited | TCP traffic attack with TCP RST flag set on a specific client IP destination port |
|
| PSH/ACK/TCP PSH/ACK service flood to a server port limited | TCP traffic attack with TCP RST/PSH flags set on a specific client IP destination port | Exhaustion of the attacked host's computing resources |
| Any TCP/TCP to a server port limited | Attack with custom TCP traffic of large volume on a specific client port | Exhaustion of the attacked host's computing resources and bandwidth |
| Fragment Under Attack/UDP server under attack fragment to server limited | Attack with fragmented UDP datagrams. Usually accompanies other types of UDP attacks | Bandwidth exhaustion |
| Any Port/UDP server flood to server limited | Attack with custom UDP traffic of large volume cumulatively on any client port | Exhaustion of the attacked host's computing resources and bandwidth |
| Any Type/ICMP server flood to server limited | Attacking large amounts of custom ICMP traffic, including ICMPv6, on any client destination port | Exhaustion of bandwidth and computing resources of the attacked host |
| SYN/TCP SYN to server address limited | TCP traffic attack with TCP SYN flag set on any client IP destination port |
|
| RST/TCP RST to server address limited | TCP traffic attack with TCP RST flag set on any client IP destination port |
|
| Any TCP/TCP to server address limited | Attack with custom TCP traffic of large volume in aggregate on any destination-port of the client | Exhaustion of network and computing resources of the attacked host and bandwidth |
| IP protocol Any IP protocol server flood to server limited | Attack with custom IP traffic of large volume cumulatively by all transport protocols and all ports | Exhaustion of network and computing resources of the attacked host and bandwidth |
| Flex Fragment/Flex matched IP fragment to destination IP under attack | Rule that defines blocking of IP packet fragments for hosts that are already under attack. Accompanies other attack types | — |
| TCP FIN to a server port limited | TCP traffic attack with TCP FIN flag set on a specific client IP destination port |
|
| TCP FIN to server server address | TCP traffic attack with TCP FIN flag set in aggregate on any client IP destination port |
|
| TCP Any Flags | Attack with a large volume of traffic with any set of flags |
|
| UDP Fragment Server Smart-Rule | Attack with fragmented UDP datagrams | Bandwidth exhaustion |